Response to the "Meltdown" Vulnerability

A
message to tech@
from Philip Guenther (guenther@) provides the first public
information from developers regarding the OpenBSD response to the recently
announced
CPU vulnerabilities:

So, yes, we the OpenBSD developers are not totally asleep and a handful of
us are working out how to deal with Intel's fuck-up aka the Meltdown
attack. While we have the advantage of less complexity in this area (e.g.,
no 32bit-on-64bit compat), there's still a pile of details to work through
about what has to be *always* in the page tables vs what can/should/must be
hidden.

"We have received *no* non-public information. I've seen posts elsewhere by other *BSD people implying that they receive little or no prior warning, so I have no reason to believe this was specific to OpenBSD and/or our philosophy."

Let that sink in for a moment: none of the BSDs has been warned in advance. None. The only people to get information are Microsoft, Apple and probably Red Hat and other largish Linux distros... Even though Intel knew of these flaws since June 2017.

OpenBSD devs only got information because of the noise on the Linux Kernel mailing lists. This is a disgusting and irresponsible attitude from the people at Intel and other companies.

Is this how "minority" operating systems are going to be treated in the future? I hope not.

By the way, Matthew Dillon of DragonflyBSD had some choice words for Intel : http://lists.dragonflybsd.org/pipermail/users/2018-January/313758.html